Reflections from a road trip: The evolving risk of DDoS attacks

Recently, I spent time with some of our customers discussing recent security events and the threat landscape. As a leader for vulnerability handling, we often have to deliver news regarding our products that can cause significant disruption for patching and remediation. I always appreciate the time that customers take to provide feedback on our products and services.

Our customers shared that the network infrastructure demonstrated considerable resilience and succeeded in delivering the increased traffic to the intended destination. Unfortunately, by delivering the increased loads, many Internet-based applications and services failed. In times past, network infrastructure devices lacked the resiliency to sustain these types of loads and our interactions were focused on network stability and recovery. This time, our conversations were focused on working proactively to embed additional intelligence into the network to detect and mitigate future attacks.

Data shows that the implementation of secure development practices has resulted in network elements that are more resilient to load-based attacks than they were ten years ago, yet we remain at risk from successful load-based attacks. The end user experience is exactly the same—applications and services are rendered unavailable. In my mind, this means that despite all the efforts around secure coding, patching, and other traditional security best practices, the DDoS problem is by no means solved. So where does that leave us?

At this point, most blog posts would start discussing the threat landscape, actors, and all of the other sexy aspects of security. Although Cisco provides a wealth of information on these topics (see the end of this post for examples), I’d like to take a different approach and offer up the perspective that DDoS is no longer a problem to be relegated to the security community alone.

We live in a connected world with more critical services, applications, and infrastructure relying on the Internet every day. It’s time to consider the threat of DDoS as a business continuity risk. Companies draft detailed contingency plans to allow business transactions to continue in the face of events such as natural disasters, terrorist attacks, and blackouts. Many companies have regular tabletop simulations or even live drills to ensure failover capabilities. The primary goal of this type of activity is validation of the failover plans and capabilities. An indirect benefit is the confidence that an organization can build robust process and decision capabilities in a future crisis.

A best practice that I will share from Cisco is that, along with the traditional risk management teams, we partner with subject matter experts from Corporate Communications, Legal, and Public Relations. Creating these dependencies and relationships outside of a crisis helps clarify and drive the decision-making structure during an event. Anyone who has been involved in a crisis knows that a lot of people want to ‘help’ or be ‘in the loop’. With the current realities of social media and ‘Hacktivism,’ the relationships between these groups become even more critical. In some cases, public messaging from your own company can result in being targeted for an attack, so having trusted relationships and transparency between these teams is more critical than ever.

Hopefully your organization includes cyber security activities in your business continuity planning and execution cycles. Those plans should not be limited to DDoS, as there are many other risks that we are well aware of, but this is a good place to start making new friends and building new relationships.